Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
gsk_get_directory_certificates() z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
Gets the certificates stored in the LDAP directory for the
subject.
Format
Parameters
ResultsThe function return value will be
0 if no error is detected. Otherwise, it will be one of the return
codes listed in the gskcms.h include file. These are some
possible errors:
UsageThe gsk_get_directory_certificates() routine retrieves the certificates that are stored in the LDAP directory for the specified subject name. When matching UTF-8 encoded attribute values in the subject name, System SSL uses a case sensitive (exact match) comparison. The directory schema is defined by RFC 2587: PKIX LDAP Version 2 Schema. The certificates are stored as attributes of the subject directory entry. Each certificate is encoded as defined by RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. The userCertificate attribute is used to retrieve end-entity certificates while the caCertificate attribute is used to retrieve certification authority certificates. Retrieved certificates are cached so that it is not necessary to contact the LDAP server for subsequent requests for the same certificates. The cached certificates are released when the gsk_close_directory() routine is called to close the directory handle. |
Copyright IBM Corporation 1990, 2014
|